Oracle Whitepaper April 2015. Security and the Oracle Database Cloud Service




Table of Contents

- Overview
- Security architecture
  - User areas
  - Accounts
  - Identity Domains
  - Database Cloud Service
  - Cloud Identity Manager
  - Signing up for a Database Cloud Service trial
- Database Cloud security measures
- Database Cloud Service security measures
- Database Cloud application security options
- RESTful Web Service security options
  - Origin-based security
  - OAUTH authentication
  - Application-based access
  - User-based access
  - Logic-based access

Overview

One of the key concerns for organizations as they move to a shared resource model on the Cloud is ensuring the security of their data. The Oracle Database Cloud Service, like the Oracle Database that is the foundation of the Database Cloud, has been created from the beginning with the utmost concern for security. This paper reviews several aspects of security and the Oracle Database Cloud - Multitenant Edition:

- the basic architecture of the security domains that are used for the Database Cloud - Multitenant Edition
- security measures that apply to the overall service
- security measures that apply to individual Database Cloud Services
- application security options, and
- security options for RESTful Web Services that access a Database Cloud Service

Security architecture

To understand the security architecture of the Oracle Database Cloud, you need to understand several different types of users and how they interact in the provisioning and management of a Database Cloud Service.

User areas

There are three different areas in which user types operate: an account, which represents a business organization; an identity domain, which represents a set of users; and a Database Cloud Service, which users in an identity domain can access.

Accounts

An account is a representation of a business organization. An account can contain multiple Identity Domains, and each Identity Domain can contain multiple Database Cloud Services. An account is created when the first Database Cloud Service - Multitenant Edition is requested for a particular user. The initial requestor for an Account is identified as the Buyer. If the Buyer is requesting a Service through the Oracle Store, the Buyer can specify a different user as the Account Administrator; if the initial request is for a trial, the Buyer and the initial Account Administrator are the same user. Buyers and Account Administrators are authenticated through their Oracle.com identity. Any Account Administrator can grant or revoke the Account Administrator privilege for any other Oracle.com user.

An Account Administrator has access to the My Account page in the Cloud user interface, which offers a read-only view of all users and Database Cloud Services - Multitenant Edition within an account. This read-only access allows Account Administrators to monitor all users and Services in their Account, but Account Administrators do not have any other management capabilities for those areas. Account Administrators can create additional Identity Domains or Database Cloud Services - Multitenant Edition for their accounts. An Account Administrator can assign a new Database Cloud Service - Multitenant Edition to an existing Identity Domain within their account.

Identity Domains

An Identity Domain is a pool of users. An account can have one or more Identity Domains, but each Domain is separate and distinct. You must define an Identity Domain when you initially request an account, and the requestor is given a username within the Identity Domain.

Identity Domain membership and privileges are defined with the Cloud Identity Manager, which is described in more detail below. Members of an Identity Domain can have security roles for one or more of the Cloud Services associated with the Identity Domain. These roles are described in more detail below. Identity Domain Administrators can see all Database Cloud Services - Multitenant Edition associated with the Identity Domain, and can assign and remove all security roles associated with these Cloud Services, including the Administrator role for any of the Services.

Database Cloud Service

A Database Cloud Service - Multitenant Edition is an individual Service within the Oracle Database Cloud. Data within an individual Database Cloud Service - Multitenant Edition is completely separated from data in all other Services in the Oracle Database Cloud, as described in more detail below. Database Cloud Service - Multitenant Edition administrators can define users for the Services that they administer. Database Cloud Service - Multitenant Edition users can be defined with the Cloud Identity Manager or within the Administration area of the development platform for the Database Cloud Service - Multitenant Edition itself. If a user is defined with the Cloud Identity Manager, they must use the same tool to manage their profile; if a user is defined through the Administration area of the development platform, they must manage their profile through that platform. Administrators and developers for a Database Cloud Service - Multitenant Edition must be defined with the Cloud Identity Manager and given the appropriate security role.

There are three roles for each Database Cloud Service - Multitenant Edition:

- Service Administrator, who can create, modify and delete Database Cloud Service - Multitenant Edition users and their privileges, both in the Cloud Identity Manager and in the Administration area of the Database Cloud Service - Multitenant Edition development platform
- Developer, who can use the development platform within a Database Cloud Service - Multitenant Edition to create applications, but who cannot create, modify or delete users for that Database Cloud Service - Multitenant Edition
- End user, who can run applications within the Database Cloud Service - Multitenant Edition

When a Database Cloud Service - Multitenant Edition is added to an Identity Domain, three individual roles which map to these levels are created within the Identity Domain. The Account Administrator and Identity Domain Administrator are automatically given the Service Administrator role for the initial Database Cloud Service, but all other roles have to be explicitly assigned through the Cloud Identity Manager.

Cloud Identity Manager

This tool is used to administer all users and roles defined as part of the Cloud Identity Domain. An Identity Domain or Service Administrator can add, delete and modify users with this tool, or create, delete or assign roles, as shown here. Identity Domain Administrators can use the Cloud Identity Manager to access all users defined within their Identity Domain and their roles. Service Administrators only get access to the users defined for their Service, and users of a Service can only use the Cloud Identity Manager to modify their own user profile and reset their account password. For more details on the use of the Cloud Identity Manager, please refer to the documentation for this tool.

Signing up for a Database Cloud Service - Multitenant Edition trial

You can understand the interaction of the different security domains as you go through the process of signing up for a trial of the Database Cloud Service. When you request a trial, the first step is to log in with your Oracle.com username and password. You are prompted for your mailing information and your credit card is validated, although nothing is charged against your card. The next page is the Service Details page, as shown here. You have two basic choices: to create a trial with a new Identity Domain, or to use an existing Identity Domain.

If you choose to create a new Identity Domain, you are assigned an Identity Domain name, as well as a Service Name. By default, the email address for your Oracle.com account is used for the email address of the Service Administrator and as the default for the Username, but you can change the Username and the First and Last Name of the Service Administrator. You can also choose to use the same Username for the Identity Domain Administrator, or create a different Username for that role. Once you have completed this page, the users specified are created in your Identity Domain with the appropriate roles.

If you choose to use an existing Identity Domain, you are given the choice of specifying any Identity Domain within the account for which the requestor is an Account Administrator. You can specify a Username for the Service Administrator and this user is created in your Identity Domain. This user does not have any Identity Domain

administration privileges.

Database Cloud - Multitenant Edition security measures

All security is based on well-thought-out and well-implemented practices and procedures. The Oracle Database Cloud - Multitenant Edition is implemented with rigorous security practices and procedures based on decades of experience. The security processes used for the overall Oracle Cloud include secure access to data centers, annual security audits by third parties to ensure regulatory security compliance, and full auditing of the entire Cloud stack on a quarterly basis.

All data stored in the Oracle Database Cloud - Multitenant Edition benefits from the use of Transparent Data Encryption. Transparent Data Encryption encrypts data stored on disk and in backups, protecting against unauthorized direct file access. The encryption and decryption of your data is handled automatically by the Oracle Database, so you do not have to add programmatic steps to use this powerful security feature.

The Database Cloud - Multitenant Edition has to be protected against the introduction of malicious code which could harm all users. To enforce this level of protection while still allowing users to load data into their Database Cloud Service, data loads are sent to a Secure FTP server, where they are scanned for viruses before the data in the files is loaded into the Database Cloud Service - Multitenant Edition using your database account information. With this approach, malicious data can never be loaded in such a way that it affects other accounts or breaches the security isolation. This two-step process also automatically compresses the actual data to be loaded, reducing the time needed to upload data to the Oracle Database Cloud.

Database Cloud Service - Multitenant Edition security measures

The Database Cloud Service - Multitenant Edition is built on a multi-tenant architecture, with database schemas providing the boundaries of tenant isolation. Schemas have been used in the Oracle Database as a method of separating data for decades. To enforce and protect the absolute security of tenants of the Database Cloud Service, some standard Oracle features have been locked down. For instance, access to any data dictionary view which would allow a tenant to see the existence of other schemas has been prohibited. In addition, some SQL syntax is not allowed, such as GRANT or REVOKE, since these statements are used to give access to objects across schemas. For a detailed list of syntax, objects and operations disallowed in the Database Cloud Service, please see the white paper on the security lockdown of the Database Cloud Service.

Database Cloud - Multitenant Edition application security options

Your Database Cloud Service - Multitenant Edition includes Application Express, which you can use to develop and deploy HTML-based applications through a declarative process. Application Express has been in production since 2004, with hundreds of thousands of enterprise applications deployed throughout the world. There are a number of features of Application Express that help you to develop secure applications in your Database Cloud Service.

Application Express supports several authentication schemes, which are used to ensure that a particular user is properly identified. Application Express gives developers the ability to use authorization schemes, which are ways of allowing access to specific pages, regions within pages or items within regions, based on user identity. As a developer, you have access to the identity of a user at all times, so you can implement procedural limitations based on user identity. Although Application Express includes robust monitoring tools, you can add procedural logic to log application- and session-specific information for further security analysis.

Application Express includes protection against cross-site scripting attacks by providing a way to reference values that automatically escapes special characters, so that no script of any type can be included in pages returned to users through Database Cloud Service - Multitenant Edition applications. In addition, Application Express gives you the option to automatically protect navigational URLs from being maliciously modified. This option, referred to as Session State Protection, generates checksums which are included with any parameters passed as part of a URL to retrieve a page in an application. In addition, you can prevent a page from ever being accessed by a URL, only allowing access as the destination of a navigation link or branch from another page within the application.
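The following is an added illustration of the idea behind Session State Protection, not Application Express's own algorithm or code: each navigational URL carries a keyed checksum over its parameters and session, so a link whose parameter values were edited by hand fails verification and the page is not served with the tampered values. The secret, the parameter names and the URL layout are constructed for the example.

```python
"""Keyed-checksum protection for navigational URL parameters (illustration)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed per-deployment secret; a real server keeps it out of the client's reach.
URL_SECRET = secrets.token_bytes(32)


def _checksum(session_id: str, params: Dict[str, str]) -> str:
    # Bind the checksum to the session and to the exact parameter values.
    # Sorting the names makes the checksum independent of parameter order.
    canonical = "&".join(f"{name}={params[name]}" for name in sorted(params))
    message = f"{session_id}|{canonical}".encode()
    return hmac.new(URL_SECRET, message, hashlib.sha256).hexdigest()[:32]


def build_url(base: str, session_id: str, params: Dict[str, str]) -> str:
    """Produce a navigation link whose parameters are covered by a checksum."""
    query = dict(params)
    query["session"] = session_id
    query["cs"] = _checksum(session_id, params)
    return f"{base}?{urlencode(query)}"


def verify_url(url: str) -> Optional[Dict[str, str]]:
    """Return the parameters if the checksum matches, otherwise None.

    A request without a checksum, with a checksum for another session, or with
    any edited parameter value is rejected rather than partially honoured.
    """
    query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    session_id = query.pop("session", None)
    presented = query.pop("cs", None)
    if session_id is None or presented is None:
        return None
    expected = _checksum(session_id, query)
    if not hmac.compare_digest(presented, expected):
        return None
    return query
```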
Application Express also includes reports which allow you to rapidly see the security options in force for a particular application, as well as to monitor usage of applications and individual pages in applications.

RESTful Web Service security options

The Oracle Database Cloud - Multitenant Edition allows access to data within a Database Cloud Service - Multitenant Edition through the use of RESTful Web Services, which can be defined with the RESTful Web Service Wizard. You can specify that RESTful calls use HTTPS, which secures communication between the client and the Database Cloud Service. You can also specify security on a RESTful Web Service in a number of ways. These ways are different from the traditional method of using schema users to implement security. An Oracle Database Cloud Service - Multitenant Edition is based on a single schema, and all RESTful Web Services which access data in this schema are executed

by the user who owns the schema. Without any specific security implementation on a RESTful Web Service, the service will return all data that satisfies its SQL statement or is collected by its PL/SQL block. There are four ways you can add security to your RESTful Web Services:

- based on the origin of the RESTful Web Service call
- based on the application using the RESTful Web Service
- based on the identity of the user calling the RESTful Web Service, or
- based on logic implemented in the RESTful Web Service call itself

Origin-based security

You can specify that a RESTful Web Service module and its templates and handlers can only be accessed from a specified list of origin domains.

OAUTH authentication

RESTful Web Services use the OAUTH2 model of authentication, as shown in this diagram. OAUTH2 authentication is one of the standard authentication flows used on the Internet. To understand how to implement application-based or user-based authentication, you need to understand how the OAUTH authentication process flow works. OAUTH authentication requires two different tokens: a request token, which allows a client to request authorization, and an access token, which grants access to a specific user. You can use this process flow to implement access for a specific application or for a specific user, as described below.

Application-based access

To allow a specific application to access RESTful Web Services, you use the OAUTH request token. To implement this, you would generate a specific token and hard-code that token into a specific application client. You would then use OAUTH to check for the request token. This type of authentication allows you to use a single token to grant access to all of the RESTful Web Services defined in a module to one or more application clients.

User-based access

You can allow access to a RESTful Web Service based on the identity of the authenticated user. If you want access based only on user identity, you would not require an OAUTH request token, and would instead use privileges defined in your Database Cloud Service - Multitenant Edition to limit access to the Web Service. The process of defining and using these privileges is described in the next section.

Logic-based access

The three methods of implementing security described above grant access to one or more specific RESTful Web Service calls, similar to allowing a connection to a database. In traditional database security, access is granted based on the identity of the database user making the request. Since all RESTful Web Services in a specific Database Cloud Service - Multitenant Edition are executed by the same database user, this option is not available for these Services. In recognition of this architecture, the SQL command GRANT is not supported in a Database Cloud Service. However, this does not mean that you cannot limit access to data based on user identity. The identity of a user is established through the Database Cloud Service - Multitenant Edition authentication process, and this identity is available to developers as the OAM_REMOTE_USER parameter, kept securely in the header of all RESTful Web Service requests. You can use this value as part of a standard WHERE clause, which, for instance, could limit the rows returned from a query to those for the same department as the current user. You could also use this value in more complex logic in either SQL or PL/SQL.

Oracle Cloud Computing, June 2014
Author: Rick Greenwald

Oracle Corporation, World Headquarters, 500 Oracle Parkway, Redwood Shores, CA 94065, U.S.A.
Worldwide Inquiries: Phone +1.650.506.7000, Fax +1.650.506.7200, oracle.com

Copyright 2014, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd.
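As an added example of the logic-based access described in the RESTful Web Service section above (not Oracle's or ORDS code): a handler that always runs as the schema owner takes the caller's identity only from the authenticated OAM_REMOTE_USER header and binds it into the WHERE clause, so each caller sees only their own department. The schema, rows and the in-memory SQLite database are constructed for the example; the bind-variable name is an assumption.

```python
"""Identity-bound row filtering in a handler executed as the schema owner."""
import sqlite3
from typing import Dict, List, Optional, Tuple

# Constructed sample schema standing in for the tenant's single schema.
_DDL = """
CREATE TABLE employees (
    employee_id   INTEGER PRIMARY KEY,
    email         TEXT    NOT NULL UNIQUE,
    department_id INTEGER NOT NULL,
    salary        INTEGER NOT NULL
);
"""
_ROWS = [
    (100, "alice@example.com", 10, 9000),
    (101, "bob@example.com", 10, 7000),
    (102, "carol@example.com", 20, 8000),
]

# The handler's SQL. The caller's identity enters only as a bind variable
# (:caller), never by string concatenation, and the subquery resolves it to a
# department so the outer query returns rows for that department alone.
HANDLER_SQL = """
SELECT e.employee_id, e.email, e.department_id
  FROM employees e
 WHERE e.department_id = (SELECT me.department_id
                            FROM employees me
                           WHERE me.email = :caller)
 ORDER BY e.employee_id
"""


def open_schema() -> sqlite3.Connection:
    """Create the constructed schema in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_DDL)
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", _ROWS)
    return conn


def unfiltered_count(conn: sqlite3.Connection) -> int:
    """What a handler with no security logic exposes: every row in the schema."""
    return conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]


def caller_identity(headers: Dict[str, str]) -> Optional[str]:
    """Identity established by the platform's authentication, not by the client.

    Only the OAM_REMOTE_USER request header is consulted; an empty or missing
    value yields no identity rather than a default user.
    """
    value = headers.get("OAM_REMOTE_USER")
    return value if value else None


def run_handler(conn: sqlite3.Connection, headers: Dict[str, str],
                query: Optional[Dict[str, str]] = None) -> List[Tuple]:
    """Execute the handler the way the schema owner's session would.

    `query` (URL parameters) is accepted but deliberately never used for
    identity: a client could set it freely. Without an identity the handler
    returns nothing, because running the SQL unfiltered would return all rows.
    """
    caller = caller_identity(headers)
    if caller is None:
        return []
    return conn.execute(HANDLER_SQL, {"caller": caller}).fetchall()
```

An unknown identity (not present in the table) resolves to NULL in the subquery, so the comparison matches no rows and the caller gets an empty result rather than someone else's department.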
